Audit-or-Cast: Enforcing Honest Elections with Privacy-Preserving Public Verification
For electronic voting systems, ACE solves the long-standing tension between public verifiability and strong privacy/coercion resistance, enabling honest elections with privacy-preserving public verification.
ACE is a voting protocol that achieves end-to-end verifiability, tally-hiding, and receipt-freeness without trusted clients, using a novel Audit-or-Cast challenge and tallier-side re-randomization.
Electronic voting systems must balance public verifiability with voter privacy and coercion resistance. Existing cryptographic protocols typically achieve end-to-end verifiability by revealing vote distributions, relying on trusted clients, or enabling transferable receipts - design choices that often compromise trust or privacy in real-world deployments. We present ACE, a voting protocol that reconciles public auditability with strong privacy guarantees. The protocol combines a publicly verifiable, tally-hiding aggregation mechanism with an Audit-or-Cast challenge that enforces cast-as-intended even under untrusted client assumptions. Tallier-side re-randomization eliminates persistent links between voters and public records, yielding information-theoretic receipt-freeness assuming at least one honest tallier. We formalize the security of ACE and show that it simultaneously achieves end-to-end verifiability, publicly tally-hiding results, and strong receipt-freeness without trusted clients.